Using an OpenPGP Smartcard with GnuPG

This is part of a series on GNU Privacy Guard: Getting Started with GNU Privacy Guard Generating More Secure GPG Keys: Rationale Generating More Secure GPG Keys: A Step-by-Step Guide Using an OpenPGP Smartcard with GnuPG (this post) Recap Picking up where we left off, we’re on a relatively secure (air-gapped) system with a keyring […]

Generating More Secure GPG Keys: A Step-by-Step Guide

This is part of a series on GNU Privacy Guard: Getting Started with GNU Privacy Guard Generating More Secure GPG Keys: Rationale Generating More Secure GPG Keys: A Step-by-Step Guide (this post) Using an OpenPGP Smartcard with GnuPG In this post, I’ll will cover the generation of a new GPG key and removal of the […]

Generating More Secure GPG Keys: Rationale

This is part of a series on GNU Privacy Guard: Getting Started with GNU Privacy Guard Generating More Secure GPG Keys: Rationale (this post) Generating More Secure GPG Keys: A Step-by-Step Guide Using an OpenPGP Smartcard with GnuPG In my last post on getting started with GNU Privacy Guard, I mentioned that I’d like to […]

How Safe is Your Home? – Creating a Homemade Security System

About a year ago I received a phone call from a friend with bad news. He had been out running some errands with his newly married wife (only back from their honeymoon for a week) when an intruder broke into their home. The bandit got away with a carload of expensive electronics, but also something […]

Basic Devise and Mass Assignment – Am I Missing Something?

This week I’ve started adding real authentication to our application. We’re running the latest and greatest Rails, and we’re using ActiveRecord, so Devise looks like an excellent choice for authentication. Except I’m running into a problem getting the basics wired up. In fact, mass assignment rules are getting in my way. Am I missing something?

Authentication and CouchDB

I needed to expose an internal CouchDB server to the outside world. When it was only accessible behind a firewall, it was not a big deal to throw an Admin Party. But opening it up to the outside world meant having to figure out how to lock down the CouchDB server. This post collects some […]

"All input is evil until proven otherwise. That’s rule number one."

Yesterday SoftwareGR hosted Dr. Richard Enbody from MSU. He spoke about security, and he quoted the above security rule from the book Writing Secure Code by Michael Howard and David LeBlanc (sample chapter.) The main topic of the talk was recent research performed by Richard’s team to develop a new security feature called Secure Bit.

Atomic Spin

Atomic Object’s blog on everything we find fascinating.

security